The Office of the Privacy Commissioner of Canada published a guide with five tips for improving privacy impact assessments. The OPC found the missteps organizations take when conducting PIAs include not understanding their legal authority to collect certain personal data, defining the scope of a PIA for “clear analysis,” and creating and implementing an action plan based on the PIA.Full Story
The fate of Meta's data transfers to the U.S. is now facing an EU General Data Protection Regulation Article 65 dispute resolution mechanism in the EU, after Ireland's Data Protection Commission was unable to resolve objections from other EU data protection authorities to its draft enforcement decision. The case is now in the hands of the Secretariat of the European Data Protection Board, which — after it completes its administrative work — will officially trigger the Article 65 dispute resolution process.
EU policymakers will focus on closing the most important legislative files in the next 12 months before the European elections in spring 2024. Major outstanding proposals include the Artificial Intelligence Act and the Data Act, which stand to pave the way for such regulation globally if Brussels can close negotiations. Member states will circle back to the deadlock around ePrivacy Regulation and child sexual abuse material.
The U.S. National Institute of Standards and Technology published its Artificial Intelligence Risk Management Framework. NIST said the voluntary framework aims to help the private and public sectors "adapt to the AI landscape as technologies continue to develop, and to be used by organizations in varying degrees and capacities." U.S.
The Swedish Presidency of the Council of the European Union offered its latest compromise text for the proposed Data Act, Euractiv reports. As the council aims to finalize its position, new text updates provisions for business-to-government data access, international transfers and EU General Data Protection Regulation interplay.
The Office of the Privacy Commissioner of Canada announced findings from an investigation into Home Depot's e-receipt sharing with Meta's Facebook. The OPC found the retailer shared receipts, which included encoded email addresses and in-store purchase information, without proper consent from consumers. According to the OPC's recommendation, Home Depot halted sharing with Facebook in October 2022.
Privacy has become a necessity in business and security professionals have taken note, Cisco Systems' Director of Privacy Robert Waitman, CIPP/E, CIPP/US, CIPT, writes.
Bloomberg reports U.S. Congress obtained a whistleblower complaint alleging additional privacy and data security issues at Twitter before and shortly after Elon Musk's takeover. The unnamed whistleblower claimed approximately 4,000 Twitter employees had access to administrative settings that allowed a full takeover of any private account without user consent.
U.S. House Committee on Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., announced committee and subcommittee majority leadership for the 118th Congress. The full committee spent the end of the 2022 session, with Rodgers as ranking member, approving the proposed American Data Privacy and Protection Act for a House floor vote. Rodgers named Rep.